You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/18 22:01:01 UTC
svn commit: r1447491 -
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
Author: angela
Date: Mon Feb 18 21:01:01 2013
New Revision: 1447491
URL: http://svn.apache.org/r1447491
Log:
OAK-527: permissions (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1447491&r1=1447490&r2=1447491&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Mon Feb 18 21:01:01 2013
@@ -25,11 +25,13 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.TreeImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
/**
* Validator implementation that checks for sufficient permission for all
@@ -39,7 +41,6 @@ class PermissionValidator implements Val
/* TODO
* - Renaming nodes or Move with same parent are reflected as remove+add -> needs special handling
- * - review usage of OAK_CHILD_ORDER property (in particular if the property was removed
* - Proper handling of jcr:nodeTypeManagement privilege.
*/
@@ -76,7 +77,11 @@ class PermissionValidator implements Val
@Override
public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
- checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+ if (TreeImpl.OAK_CHILD_ORDER.equals(after.getName())) {
+ checkPermissions(parentAfter, false, Permissions.MODIFY_CHILD_NODE_COLLECTION);
+ } else {
+ checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+ }
}
@Override
@@ -131,9 +136,11 @@ class PermissionValidator implements Val
private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
long defaultPermission) throws CommitFailedException {
- long toTest = getPermission(parent, property, defaultPermission);
- if (!permissionProvider.isGranted(parent, property, toTest)) {
- throw new CommitFailedException(new AccessDeniedException());
+ if (!NodeStateUtils.isHidden((property.getName()))) {
+ long toTest = getPermission(parent, property, defaultPermission);
+ if (!permissionProvider.isGranted(parent, property, toTest)) {
+ throw new CommitFailedException(new AccessDeniedException());
+ }
}
}